毕业设计（论文）英文翻译课题名称系 部专 业班 级学 号姓 名指导教师 校内：校外：2012年4月5日原文：CHARACTERISTICS OF COMPUTER INTRUSION AND KINDS OF SECURITY BREACHES CHARACTERISTICS OF COMPUTER INTRUSION AND KINDS OF SECURITY BREACHES 1．CHARACTERISTICS OF COMPUTER INTRUSIONThe target of a crime involving computers may be any piece of the computing system．A computing system is a collection of hardware，software，storage media，data，and persons that an organization uses to do computing tasks．Whereas the obvious target of a bank robbery is cash，a list of names and addresses of depositors might be valuable to a competing bank．The list might be on paper，recorded on a magnetic medium，stored in internal computer memory，or transmitted electronically across a medium such as a telephone line．This multiplicity of targets makes computer security difficult．In any security system，the weakest point is the most serious vulnerability．A robber intent on stealing something from your house will not attempt to penetrate a two-inch thick metal door if a window gives easier access．A sophisticated perimeter physical security system does not compensate for unguarded access by means of a simple telephone line and a modem．The “weakest point” philosophy can be restated as the following principle．Principle of Easiest Penetration．An intruder must be expected to use any available means of penetration．This will not necessarily be the most obvious means，nor will it necessarily be the one against which the most solid defense has been installed[1]．This principle says that computer security specialists must consider all possible means of penetration，because strengthening one may just make another means more appealing to intruders[2]．We now consider what these means of penetration are．2．KINDS OF SECURITY BREACHESIn security，an exposure is a form of possible loss or harm in a computing system；examples of exposures are unauthorized disclosure of data，modification of data，or denial of legitimate access to computing．A vulnerability is a weakness in the security system that might be exploited to cause loss or harm．A human who exploits a vulnerability perpetrates an attack on the system．Threats to computing systems are circumstances that have the potential to cause loss or harm；human attacks are examples of threats，as are natural disasters，inadvertent human errors，and internal hardware or software flaws[3]．Finally，a control is a protective measure—an action，a device，a procedure，or a technique—that reduces a vulnerability．The major assets of computing systems are hardware，software，and data．There are four kinds of threats to the security of a computing system：interruption，interception，modification，and fabrication．The four threats all exploit vulnerabilities of the assets in computing systems．These four threats are shown in Fig.（1）In an interruption，an asset of the system becomes lost or unavailable or unusable．An example is malicious destruction of a hardware device，erasure of a program or data file，or failure of on operating system file manager so that it cannot find a particular disk file．（2）An interception means that some unauthorized party has gained access to an asset．The outside party can be a person，a program，or a computing system．Examples of this type of failure are illicit copying of program or data files，or wiretapping to obtain data in a network．While a loss may be discovered fairly quickly，a silent interceptor may leave no traces by which the interception can be readily detected[4]．（3）If an unauthorized party not only accesses but tampers with an asset，the failure becomes a modification．For example，someone might modify the values in a database，alter a program so that it performs an additional computation，or modify data being transmitted electronically．It is even possible for hardware to be modified．Some cases of modification can be detected with simple measures，while other more subtle changes may be almost impossible to detect．（4）Finally，an unauthorized party might fabricate counterfeit objects for a computingsystem．The intruder may wish to add spurious transactions to a network communication system，or add records to an existing data base．Sometimes these additions can be detected as forgeries，but if skillfully done，they are virtually indistinguishable from the real thing．These four classes of interference with computer activity—interruption，interception，modification，and fabrication—can describe the kinds of exposures possible．METHODS OF DEFENSEComputer crime is certain to continue．The goal of computer security is to institute controls that preserve secrecy，integrity，and availability．Sometimes these controls are able to prevent attacks；other less powerful methods can only detect a breach as or after it occurs．In this section we will survey the controls that attempt to prevent exploitation of the vulnerabilities of computing systems．EncryptionThe most powerful tool in providing computer security is coding．By transforming data so that it is unintelligible to the outside observer，the value of an interception and the possibility of a modification or a fabrication are almost nullified．Encryption provides secrecy for data．Additionally，encryption can be used to achieve integrity，since data that cannot be read generally also cannot be changed．Furthermore，encryption is important in protocols，which are agreed-upon sequences of actions to accomplish some task．Some protocols ensure availability of resources．Thus，encryption is at the heart of methods for ensuring all three goals of computer security．Encryption is an important tool in computer security，but one should not overrate its importance．Users must understand that encryption does not solve all computer security problems．Furthermore，if encryption is not used properly，it can have no effect on security or can，in fact，degrade the performance of the entire system．Thus，it is important to know the situations in which encryption is useful and to use it effectively．Software ControlsPrograms themselves are the second link in computer security．Programs must be secure enough to exclude outside attack．They must also be developed and maintained so that one can be confident of the dependability of the programs．Program controls include the following kinds of things：• Development controls，which are standards under which a program is designed，coded，tested，and maintained• Operating system controls，which are limitations enforced by the operating system to protect each user from all other users• Internal program controls that enforce security restrictions，such as access limitations in a database management programSoftware controls may use tools such as hardware components，encryption，or information gathering．Software controls generally affect users directly，and so they are often the first aspects of computer security that come to mind．Because they influence the way users interact with a computing system，software controls must be carefully designed．Ease of use and potency are often competing goals in the design of software controls．3．Hardware ControlsNumerous hardware devices have been invented to assist in computer security．These devices range from hardware implementations of encryption to locks limiting access to theft protection to devices to verify users’ identities．1）PoliciesSome controls on computing systems are achieved through added hardware or software features，as described above．Other controls are matters of policy．In fact，some of the simplest controls，such as frequent changes of passwords，can be achieved atessentially no cost but with tremendous effect．Legal and ethical controls are an important part of computer security．The law is slow to evolve，and the technology involving computers has emerged suddenly．Although legal protection is necessary and desirable，it is not as dependable in this area as it would be in more well-understood and long-standing crimes[1]．The area of computer ethics is likewise unclear，not that computer people are unethical，but rather that society in general and the computing community in particular have not adopted formal standards of ethical behavior．Some organizations are attempting to devise codes of ethics for computer professionals．Although these are important，before codes of ethics become widely accepted and therefore effective，the computing community and the general public need to understand what kinds of behavior are inappropriate and why．2）Physical ControlsSome of the easiest，most effective，and least expensive controls are physical controls．Physical controls include locks on doors，guards at entry points，backup copies of important software and data，and physical site planning that reduces the risk of natural disasters．Often the simple physical controls are overlooked while more sophisticated approaches are sought．3）Effectiveness of ControlsMerely having controls does no good unless they are used properly．The next section contains a survey of some factors that affect the effectiveness of controls．◆Awareness of ProblemPeople using controls must be convinced of the need for security；people will willingly cooperate with security requirements only if they understand why security is appropriate in each specific situation．Many users，however，are unaware of the need for security，especially in situations in which a group has recently undertaken a computing task that was previously performed by a central computing department[2]．◆Likelihood of UseOf course，no control is effective unless it is used．The lock on a computer room door does no good if people block the door open．During World War II code clerks used outdated codes because then had already learned them and could encode messages rapidly．Unfortunately，the opposite side had already broken some of those codes and could decode those messages easily．Principle of Effectiveness．Controls must be used to be effective．They must be efficient，easy to use，and appropriate．This principle implies that computer security controls must be efficient enough，interms of time，memory space，human activity，or other resources used，so that using the control does not seriously affect the task being protected．Controls should be selective so that they do not exclude legitimate accesses．4）Overlapping ControlsSeveral different controls may apply to one exposure．For example，security for a microcomputer application may be provided by a combination of controls on program access to the data，on physical access to the microcomputer and storage media，and even by file locking to control access to the processing programs[3]．5）Periodic ReviewFew controls are permanently effective．Just when the security specialist finds a way to secure assets against certain kinds of attacks，the opposition doubles its efforts in an effort to defeat the security mechanism．Thus，judging the effectiveness of a control is an ongoing task．译文:入侵计算机的特点和破坏安全的类型1.入侵计算机的特点对计算机犯罪的目标可以是计算机系统的任何部分。